Paper 2023/1435
Identity-Based Matchmaking Encryption, Revisited: Strong Security and Practical Constructions from Standard Classical and Post-Quantum Assumptions
, Yokohama National University, National Institute of Advanced Industrial Science and Technology, Yokohama National University, National Institute of Advanced Industrial Science and Technology, Yokohama National UniversityAbstract
Identity-based matchmaking encryption (IB-ME) [Ateniese et al. Crypto 2019] allows users to communicate privately in an anonymous and authenticated manner. After the seminal paper by Ateniese et al., a lot of work has been done on the security and construction of IB-ME. In this work, we revisit the security definitions and construction of IB-ME and provide the following three contributions. -- First, we embark on the task of classifying the existing security notions of IB-ME. We systematically categorize privacy into three core categories (CPA, CCA, and privacy in the case of mismatch) and authenticity into four categories (NMA and CMA both against insiders and outsiders). In particular, we reconsider privacy when the sender's identity is mismatched during decryption, considered as ``enhanced privacy''~[Francati et al., INDOCRYPT 2021], and provide a new simple security game, called mismatch security, that captures the essence of it. This structured framework not only facilitates more precise comparisons between different IB-ME schemes, but also serves as a valuable tool for evaluating the security of newly proposed schemes. -- Second, we propose a highly efficient and strongly secure IB-ME scheme from the bilinear Diffie-Hellman assumption in the random oracle model. The scheme is based on the Ateniese et al. scheme, but we introduce several techniques to improve its security and efficiency. Especially, we found that the Fujisaki-Okamoto transformation enhances not only privacy but also authenticity. As a result, we obtain a scheme that offers a more compact decryption key and ciphertext than the Ateniese et al. scheme, while achieving CCA and CMA, and mismatch security. -- Third, we propose a new generic construction of IB-ME from anonymous identity-based encryption, identity-based signature, and reusable extractors. Our construction not only achieves CCA, CMA, and mismatch security, but is also the most efficient among existing generic constructions. Through this construction, we obtain various IB-ME schemes from both classical and post-quantum assumptions. For example, we obtain a more efficient scheme from the symmetric external Diffie-Hellman assumption in the standard model, and a practical scheme from lattices in the quantum random oracle model whose secret keys and ciphertexts are less than 5 kilobytes. Moreover, our generic construction produces the first pairing-free IB-ME scheme in the standard model and the first tightly secure lattice-based IB-ME scheme in the quantum random oracle model.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- Identity-Based Matchmaking EncryptionSecurity ModelPairing-Based CryptographyGeneric ConstructionPost-Quantum
- Contact author(s)
-
chiku-sohto-tw @ ynu jp
keitaro hashimoto @ aist go jp
hara-keisuke-kj @ ynu ac jp
shikata-junji-rb @ ynu ac jp - History
- 2023-10-14: revised
- 2023-09-21: received
- See all versions
- Short URL
- https://ia.cr/2023/1435
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1435,
author = {Sohto Chiku and Keitaro Hashimoto and Keisuke Hara and Junji Shikata},
title = {Identity-Based Matchmaking Encryption, Revisited: Strong Security and Practical Constructions from Standard Classical and Post-Quantum Assumptions},
howpublished = {Cryptology ePrint Archive, Paper 2023/1435},
year = {2023},
note = {\url{https://eprint.iacr.org/2023/1435}},
url = {https://eprint.iacr.org/2023/1435}
}
